On Monday, February 22, 2016 at 12:29:31 PM UTC-5, Nikolaus Rath wrote: > > On Feb 22 2016, pisymbol <[email protected] <javascript:>> wrote: > [ Use TLS without verifying certificate ] > > So I added a backend-option just to see this would work and then noticed > > that python-dugong doesn't honor it. > > Well, how did you implement the option? You probably have to add the > feature to Dugong first. >
Seems like it. > > > It seems it always calls > > ssl.match_hostname() regardless of the ssl_context passed in (I set > > check_hostname = False and verify_mode = CERT_NOINE). > > Seems like a reasonable course of action to me. If you want to use SSL, > you'd certainly want to check if the certificate you got is for the host > you've connected to. That's different from checking if the certificate > is trusted. > Well it is only if check_hostname is true though as per the spec, right? > > > > Is this technically a bug Nikolaus? > > You mean that dugong checks the hostname even if you've set > `ssl_context.check_hostname` to False? That attribute has only been > introduced in Python 3.4, so I'd call it an enhancement :-). > Now that is a GOOD point. I missed that. So this change would be for 3.4 or higher. -aps -- You received this message because you are subscribed to the Google Groups "s3ql" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
